Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/8FEhHGw9wmLDDLMIvN1maiYvyrM.roa
File:                     8FEhHGw9wmLDDLMIvN1maiYvyrM.roa (raw, json)
Hash identifier:          fekRImdjTCCLyjdikCkBOo7LFrsEr8qmZXKpxKLQjLo=
Subject key identifier:   F0:51:21:1C:6C:3D:C2:62:C3:0C:B3:08:BC:DD:66:6A:26:2F:CA:B3
Certificate issuer:       /CN=55b296d6b534fe3a32cc1c3a4e81358f216c93c7
Certificate serial:       019425FD94D71192576392AB2315127966BF
Authority key identifier: 55:B2:96:D6:B5:34:FE:3A:32:CC:1C:3A:4E:81:35:8F:21:6C:93:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbKW1rU0_joyzBw6ToE1jyFsk8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/8FEhHGw9wmLDDLMIvN1maiYvyrM.roa
Signing time:             Thu 02 Jan 2025 07:49:23 +0000
ROA not before:           Thu 02 Jan 2025 07:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31529
IP address blocks:        185.151.141.0/24 maxlen: 24
                          185.151.142.0/24 maxlen: 24
                          185.151.143.0/24 maxlen: 24
                          194.0.0.0/24 maxlen: 24
                          194.0.11.0/24 maxlen: 24
                          194.246.96.0/24 maxlen: 24
                          2001:678:2::/48 maxlen: 48
                          2001:678:e::/48 maxlen: 48
                          2a02:568:fe00::/48 maxlen: 48
                          2a02:568:fe01::/48 maxlen: 48
                          2a02:568:fe02::/48 maxlen: 48
                          2a02:56f::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:94:d7:11:92:57:63:92:ab:23:15:12:79:66:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55b296d6b534fe3a32cc1c3a4e81358f216c93c7
        Validity
            Not Before: Jan  2 07:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f051211c6c3dc262c30cb308bcdd666a262fcab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d0:f4:2b:8b:ac:82:db:aa:3f:a7:2b:30:57:
                    ae:45:be:84:94:41:14:96:3f:16:1f:d9:98:ff:4f:
                    8f:ac:cf:9f:ca:39:11:fc:b8:49:20:1a:fe:92:cb:
                    b6:1c:8f:dd:ce:f9:f9:c8:c7:83:f3:fa:00:11:a4:
                    31:ed:23:47:5a:13:ca:a9:31:ae:58:01:5c:10:36:
                    56:28:37:94:33:0d:82:fd:3e:09:d5:e4:a1:67:f1:
                    fc:c9:7c:4d:b0:fb:be:71:0e:25:43:4b:eb:c3:94:
                    6d:fd:5d:e0:cd:41:1b:60:9f:2a:c9:e3:ad:8d:55:
                    d0:73:45:18:d5:54:b2:ad:20:ec:3b:fc:50:37:41:
                    96:9a:7c:63:47:df:04:c9:90:d1:4a:ef:43:07:86:
                    d4:ba:79:9b:09:82:4e:76:45:72:4e:f9:4d:17:24:
                    f9:3c:35:21:e7:83:99:11:8f:2b:5d:25:b9:2a:59:
                    8a:35:4e:d4:96:18:14:aa:ee:37:25:aa:af:c4:29:
                    e2:86:71:32:e7:03:aa:12:51:2a:c4:b0:09:5d:ff:
                    a8:93:28:ea:1a:4e:5a:58:9c:0b:06:2b:be:08:88:
                    1f:d6:ea:b0:58:b1:dc:97:9c:c8:e8:ff:85:12:ec:
                    e3:dd:ef:e2:a6:56:c5:53:76:e4:c9:26:19:40:62:
                    cf:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:51:21:1C:6C:3D:C2:62:C3:0C:B3:08:BC:DD:66:6A:26:2F:CA:B3
            X509v3 Authority Key Identifier:
                keyid:55:B2:96:D6:B5:34:FE:3A:32:CC:1C:3A:4E:81:35:8F:21:6C:93:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbKW1rU0_joyzBw6ToE1jyFsk8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/8FEhHGw9wmLDDLMIvN1maiYvyrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/d7ab0c-3c22-4c61-a201-dd6cc97c9bdd/1/VbKW1rU0_joyzBw6ToE1jyFsk8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.141.0-185.151.143.255
                  194.0.0.0/24
                  194.0.11.0/24
                  194.246.96.0/24
                IPv6:
                  2001:678:2::/48
                  2001:678:e::/48
                  2a02:568:fe00::-2a02:568:fe02:ffff:ffff:ffff:ffff:ffff
                  2a02:56f::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:5a:59:86:8a:b5:aa:f0:56:9c:0e:57:83:0d:b1:dd:60:b9:
         e1:6f:51:89:97:6f:6d:7a:7f:c3:21:1f:fa:1a:c2:23:3c:0e:
         55:7d:b3:3d:d9:6e:b1:7b:33:91:03:87:69:93:5e:cf:99:63:
         a4:19:2f:4d:3c:80:fb:c8:63:14:88:a7:41:45:3c:0e:58:bd:
         c4:46:19:35:e7:8b:20:16:d5:75:a8:7a:6d:da:d9:db:80:88:
         b7:2e:29:dd:85:43:cc:9b:a2:96:37:dc:0e:27:38:c1:8c:67:
         82:db:51:5d:83:9e:75:ed:70:f7:55:d8:1c:31:72:9b:43:1d:
         0e:d5:0b:71:f1:3c:b7:29:39:3f:9d:ae:7a:f3:cb:53:e1:7c:
         a1:e9:cb:f5:cf:47:49:34:f3:82:70:7c:14:ec:24:5d:94:1a:
         1f:5c:e3:44:fd:e2:bf:35:5b:a8:21:f7:a8:95:be:3f:18:89:
         f9:17:9d:4e:d7:b4:1b:83:70:3f:23:ca:40:ee:ee:3e:60:0c:
         ba:de:3b:0e:8f:00:a6:5e:b7:fc:24:8b:df:f4:1e:3d:55:59:
         b6:4c:d0:5a:f4:a2:d8:1f:84:b5:3b:ef:d4:16:57:cf:4a:db:
         82:fb:94:ce:5f:59:39:98:57:5b:fd:b5:0e:08:b9:e8:34:ce:
         ab:4d:78:a1
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQl/ZTXEZJXY5KrIxUSeWa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YjI5NmQ2YjUzNGZlM2EzMmNjMWMzYTRlODEzNThmMjE2
YzkzYzcwHhcNMjUwMTAyMDc0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDUxMjExYzZjM2RjMjYyYzMwY2IzMDhiY2RkNjY2YTI2MmZjYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtD0K4usgtuqP6crMFeuRb6ElEEU
lj8WH9mY/0+PrM+fyjkR/LhJIBr+ksu2HI/dzvn5yMeD8/oAEaQx7SNHWhPKqTGu
WAFcEDZWKDeUMw2C/T4J1eShZ/H8yXxNsPu+cQ4lQ0vrw5Rt/V3gzUEbYJ8qyeOt
jVXQc0UY1VSyrSDsO/xQN0GWmnxjR98EyZDRSu9DB4bUunmbCYJOdkVyTvlNFyT5
PDUh54OZEY8rXSW5KlmKNU7UlhgUqu43JaqvxCnihnEy5wOqElEqxLAJXf+okyjq
Gk5aWJwLBiu+CIgf1uqwWLHcl5zI6P+FEuzj3e/iplbFU3bkySYZQGLPrwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFPBRIRxsPcJiwwyzCLzdZmomL8qzMB8GA1UdIwQY
MBaAFFWylta1NP46MswcOk6BNY8hbJPHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJLVzFyVTBfam95ekJ3NlRvRTFqeUZzazhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9kN2FiMGMtM2MyMi00YzYxLWEyMDEt
ZGQ2Y2M5N2M5YmRkLzEvOEZFaEhHdzl3bUxERExNSXZOMW1haVl2eXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9kN2FiMGMtM2MyMi00YzYxLWEyMDEtZGQ2Y2M5N2M5YmRk
LzEvVmJLVzFyVTBfam95ekJ3NlRvRTFqeUZzazhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDAmBAIAATAgMAwDBAC5l40D
BAS5l4ADBADCAAADBADCAAsDBADC9mAwMgQCAAIwLAMHACABBngAAgMHACABBngA
DjARAwYBKgIFaP4DBwAqAgVo/gIDBQAqAgVvMA0GCSqGSIb3DQEBCwUAA4IBAQCS
WlmGirWq8FacDleDDbHdYLnhb1GJl29ten/DIR/6GsIjPA5VfbM92W6xezORA4dp
k17PmWOkGS9NPID7yGMUiKdBRTwOWL3ERhk154sgFtV1qHpt2tnbgIi3LindhUPM
m6KWN9wOJzjBjGeC21Fdg5517XD3VdgcMXKbQx0O1Qtx8Ty3KTk/na5688tT4Xyh
6cv1z0dJNPOCcHwU7CRdlBofXONE/eK/NVuoIfeolb4/GIn5F51O17Qbg3A/I8pA
7u4+YAy63jsOjwCmXrf8JIvf9B49VVm2TNBa9KLYH4S1O+/UFlfPStuC+5TOX1k5
mFdb/bUOCLnoNM6rTXih
-----END CERTIFICATE-----